DEV Community

Discussion on: 15 DevTool Secrets for JavaScript Developers

Aaron Reese

Great article. Lots of new stuff I didn't know. Override server files with a local copy sounds like a potential vulnerability.

OpenReplay Tech Blog Author

Only for your local copy, but yes, if you're sharing the computer with someone else, it could be a potential attack vector.

Aaron Reese

What I meant was, if you have a file that runs some business logic on the front end and that file can be subverted by loading an alternative copy from the hacker's local machine and you don't re-validate server-side ...

Nicholas Chambers

That's not really anything unique to this. You would have the same problem with any browser extension or userscript. This isn't even a problem unique to the browser. Client-side validation is a hard-to-enforce concept. However, being able to supply your own files is hardly a vulnerability.
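
The following is an added example, not part of any comment in this thread: a sketch of the server-side re-validation the discussion turns on, where the server recomputes an order total from its own data and only compares the figure the browser sent. The catalogue, coupon table, payload shape and all names (`CATALOG`, `DISCOUNTS`, `MAX_QTY`, `validateOrder`) are assumptions made for illustration.

```javascript
// Added example: the server re-validates an order the browser computed.
// CATALOG, DISCOUNTS, MAX_QTY and validateOrder are hypothetical names.
const CATALOG = { "sku-1": 1999, "sku-2": 500 }; // prices in cents, server-owned
const DISCOUNTS = { SAVE10: 10 };                // percent off, server-owned
const MAX_QTY = 100;
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function validateOrder(payload) {
  if (!payload || !Array.isArray(payload.items) || payload.items.length === 0) {
    return { ok: false, reason: "no items" };
  }
  let subtotal = 0;
  for (const item of payload.items) {
    // Own-property lookup, so keys like "__proto__" never match the catalogue.
    if (!item || typeof item.sku !== "string" || !own(CATALOG, item.sku)) {
      return { ok: false, reason: "unknown sku" };
    }
    if (!Number.isInteger(item.qty) || item.qty < 1 || item.qty > MAX_QTY) {
      return { ok: false, reason: "bad quantity" };
    }
    subtotal += CATALOG[item.sku] * item.qty;
  }
  let percent = 0;
  if (payload.coupon !== undefined) {
    if (typeof payload.coupon !== "string" || !own(DISCOUNTS, payload.coupon)) {
      return { ok: false, reason: "unknown coupon" };
    }
    percent = DISCOUNTS[payload.coupon];
  }
  const total = subtotal - Math.floor((subtotal * percent) / 100);
  // The client-sent total is compared against the server's figure, never used.
  if (payload.total !== total) {
    return { ok: false, reason: "total mismatch", total };
  }
  return { ok: true, total };
}

// Constructed payloads: one from unmodified front-end code, one from a
// locally overridden script that reports a total of 1 cent.
const items = [{ sku: "sku-1", qty: 2 }, { sku: "sku-2", qty: 1 }];
const honest = { items, coupon: "SAVE10", total: 4049 };
const tampered = { items, coupon: "SAVE10", total: 1 };
console.log(validateOrder(honest), validateOrder(tampered));
```

Because the check runs on the server, it gives the same result whether the request came from the original script, a DevTools override, an extension or a hand-built HTTP request.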